Blockchain: What's Not to Like? [podcast]

min read

View Transcript

Bayne: The following interview was recorded at the Coalition For Networked Information, fall 2018 meeting. I'm Bayne for EDUCAUSE. We're in a period right now when distributed ledger technology or Blockchain is the solution to everything. It's inevitable that it will be proposed as the solution to many problems in academia. But there are those who have strong doubts about the implementation of this technology. I spoke with Dr. Rosenthal S. H. Rosenthal, who is recently retired after nearly two decades as chief scientist of the LOCKSS program at The Stanford University libraries. And we started our conversation with Rosenthal explaining the origin of Blockchain.

Rosenthal: It achieved notoriety starting 10 years ago, when Satoshi Nakamoto introduced Bitcoin. Which is a cryptocurrency based on decentralized consensus using proof of work. Well, five years before that, my co-authors and I got a best paper award at a major computer science conference for a system using decentralized consensus proof of work. This is the protocol underlying the LOCKSS program, which we've been running for 20 years now.

And in decentralized consensus, proof of work, was not original. For Nakamoto it wasn't original, for us either. Distributed consensus started with Leslie Lamport and his co-authors in 1982. And the data structure that the Blockchain is built out of is a Merkle Tree, which was published by Ralph Merkle in 1980. The exact way that Merkle Trees are used in the Blockchain was published by ... Or was patented actually by Stuart Haber and Scott Stornetta in 1991. The company that they started using that technology has been running a central Blockchain for a quarter of a century.

The other part of Bitcoin is a cryptocurrency. Well, cryptocurrency is something that was very, very attractive to the techno libertarians and the cipher punks. The first one was started by Rosenthal Chaum in 1981. It was a failure for several reasons, but mainly because it was centralized and that was not attractive to the techno libertarians. What they wanted was a system that was permissionless in the jargon today. Which means it's a system that anyone can take part in, without having any kind of central authority.

Systems like that are vulnerable to what are called sybil attacks, where if anyone can join in and it's free to join. Anyone can win any vote they choose in the system, simply my inventing lots and lots of free identities. And in order to defend against this, you need to make voting expensive. The only way to do that is proof of work, which was invented by Cynthia Dwork and Moni Naor in 1992. None of this is terribly-

Bayne: New. It's been around a long time.

Rosenthal: Terribly innovative. What made the difference was Nakamoto's idea was actually incredibly ingenious. The way of putting all these pieces together to support a cryptocurrency. But also he's also very lucky in the situation when he announced it in 2008 was the global financial crisis. And there was also a lot of demand for shall we say obscure transactions from the dark web. There was huge demand for [inaudible 00:04:13] capital from China. The technology in that demand became in some sense successful. But none of this is new. Only the way that the cryptocurrency Bitcoin was new. Everything else was well known technology from decades earlier.

Bayne: Well, you covered this a little bit. It's claimed to be infallible. I mean, that's what a lot of the people are saying, it's so secure. What do you say to those claims?

Rosenthal: Terribly innovative. What made the difference was Nakamoto's idea was actually incredibly ingenious. The way of putting all these pieces together to support a cryptocurrency. But also he's also very lucky in the situation when he announced it in 2008 was the global financial crisis. And there was also a lot of demand for shall we say obscure transactions from the dark web. There was huge demand for [inaudible 00:04:13] capital from China. The technology in that demand became in some sense successful. But none of this is new. Only the way that the cryptocurrency Bitcoin was new. Everything else was well known technology from decades earlier.

Rosenthal: Yes, well it's complicated. Satoshi Nakamoto was a crypto ... A cipher punk, crypto techno libertarian. These people are often members of the Austrian Economics Cult, goldbugs.The idea that he built into Bitcoin was that there's a limited supply. There's only ever going to be 21 million Bitcoins. And because there's a limited supply, the price must go up. Now if you think about a system where the price must go up. It's a system for transferring wealth from later adopters call suckers, to the earlier adopters called geniuses.

This is actually what happened. The price history of Bitcoin has not been exactly, it's always going go up. What's been, is a series of pump and dump schemes, where the early adopters extracted money from suckers. The most recent one was from about November of last year to maybe March, April time frame. Early adopters extracted $30 billion worth of real currency from the suckers. The result of this, of the series of pump and dumps that you have lot of ... Well, a small number of very, very, very rich libertarian goldbugs. Who's wealth came from this Blockchain technology and its use in cryptocurrency.

And so, because the whole idea is that the price needs to keep going up. They have an enormous motivation and an enormous means to hype thing. Both to get the price to go up and to convince people that has other uses other than extracting money from suckers. Because otherwise the party is going to stop. What we've had is this kind of supernova of hype around Blockchain technology.

Let's distinguish between permissionless Blockchains like Bitcoin and permissioned Bitcoins like IBM's Hyperledger and so on. Permissionless Blockchains require a cryptocurrency to make voting in the system expensive enough for it to be secure. Therefore they're rift with crime, which isn't exactly a security thing. But the whole point is that the security depends on it being expensive. If Bitcoin's price were to stay at $4000 which unfortunately it's now well below. Bitcoin requires an inflow of speculative funds of $300 thousand an hour. Yes, you can make these things reasonably secure, if you're prepared to find enough suckers to fund them.

Bayne: Can I just as a non tech guy, what do you mean it needs $300 thousand now?

Rosenthal: Okay, so Blockchain, Bitcoin has a block time of 10 minutes. That's six blocks an hour. Each block has a reward of 12 and half Bitcoins. That's 75 Bitcoins an hour. At $4000, that's $3000 an hour. The miners need to pay electricity bills, and buy hardware and staff time, and so they need to convert that flow of 75 Bitcoin an hour into $300 thousand an hour of real money to spend on this. If the real money stops coming it, the price will go down, which is what's been happening for the past year. The problem is ... Yes, Bitcoin spends enough to be reasonably secure. But there are about 2000 cryptocurrencies, and for the smaller ones, they're not spending enough to be secure. As a result, attacks, 51% attacks where somebody takes over the Blockchain and double spends the coins are routine for the smaller cryptocurrencies.

It depends what you mean by security. The other part of this is, it's not just the actual Blockchain itself that's involved here. People need wallet software in order to store the private keys that give them access to their Bitcoin. And they need exchanges where they can covert Bitcoin into real money. Both of those are pieces of software, which like other pieces of software have bugs, and the bugs allow people to steal the money.

The reports of thefts of cryptocurrency happen daily basically. Yes, in theory the idea of a Blockchain which is a linear Merkle Tree, is as secure as the hash algorithm, Which of course over time will get broken like MD5 did and then [inaudible 00:10:55] one did, and so on. But yes, it's reasonably secure but that's actually not the security of the system. That's just the security of a piece of the system.

I was talking about permissionless Blockchain. Permissioned Blockchains like IBM's Hyperledger, have a central authority which decides who can vote basically, in the polls in the system. As a result, they're not vulnerable to sybil attacks, because in order to create an identity you have to get approved by the central authority. As a result, they don't need proof of work or anything like that. They can use Byzantine Fault Tolerance, which was invented by Leslie Lamport in 1982, and that's what Hyperledger does.

Permissioned Blockchains are ... I've got a completely different kind of system from permissionless Blockchains. They are secure, they go with security in the same way that storing Merkle Trees in a conventional database is good security. But they're a lot more expensive than purely storing Merkle Trees in a conventional database. It's not clear why you want a Hyperledger instead of just storing a Merkle Tree in a database.

Bayne: Right. Can you talk a little bit about the hype? Especially in terms of academia, people seem to be excited about this. Why is it a mismatch? Why is Blockchain a mismatch for our industry?

Rosenthal: Okay. There have been a bunch of proof of concept type things where people have recorded reviewers contribution in the Ethereum Blockchain, and so on. These are actually completely pointless, because nobody's arguing about whether the Blockchain technology works. The point is, does it scale to a reasonable level? If it does, can you afford it? The both of those is no, but having a proof of concept system that records about half a dozen reviewers contributions in the Ethereum Blockchain doesn't really tell you anything useful.

Nobody's running a Blockchain based system in academia at scale. Because it would be a lot more expensive to do that, than it would be to implement it using conventional technology. And academia doesn't have the money to waste on fancy technology that doesn't actually do anything that conventional technology doesn't. What you've got is a system where a really extraordinary level of hype because it's being funded by people who made enormous amounts of money out of Bitcoin. In order for them to continue to enjoy their ill gotten gains, they need A, the price to go up, and they've been managing that. Well, they've been attempting to manage that, using a scheme called Tether.

The problem with cryptocurrencies is that there isn't a central bank. And so some people who ran a Bitcoin exchange discovered that this was really a problem, and so they invented their own central bank, which can issue dollars. Except they're not really dollars. But anyway, they use this to pump, in the pump part of the pump and dump schemes. But really, most of the stuff that you read about Blockchain technology in the technical press, in the Bitcoin press and so on, is paid for. Most of the companies that are running marketing seminars about Blockchain technology are funded by these people who made billions of dollars out of the Bitcoin scam. You literally cannot believe anything that they write about it, because it's all couched in the near future.

For example, there were three people who's job is to evaluate technologies for the developing world. They were enthusiastic about the prospects for Blockchain technology. And so they actually set about doing some of the kind of research that they do for their jobs. They found use cases and they read reports. They contacted the companies and so on, and they came to the conclusion that there was no they out there. They wrote a piece saying, "Okay, we were wrong. There's no they out there." And the reason is, because it's all being hyped by people who have both a motive and the means to do it.

Permission systems like IBM's Hyperledger and the recent announcement from Amazon are a completely different animal. I mean, yes you can do this, it has certain advantages if you really want to distribute the authority in this system among a set of trusted organizations. But academia already has a lot of resources that are built around single trusted organizations. For example cross [inaudible 00:16:42] is a great example. The publishers and the academics came together. They built this organization, it runs the DOI structure, and metadata and so on, and it works just fine. Because it's only one of it to pay for instead of say five or six that they need to pay for, it's much cheaper.

The reason that people keep getting suckered into this is because of the really extraordinary levels of hype around this. The people don't understand that this hype is being bought and paid for, it isn't organic hype. Maybe for example, the cloud was what I could call organic hype. Because there was actually some they out there, and the companies who were pushing actually had a real ... There were real economic advantages for adopting it. But the hype budget for Blockchain technology is way bigger than the hype budget for cloud ever was.

Bayne: What would your advice be to academic institutions moving towards Blockchain?

Rosenthal: Well, the first would be to stop it.

Bayne: Right.

Rosenthal: And actually do some research here. There are a number of places that you should go and pay attention to. The first is, Okay, so this is all built on cryptography. Why don't you go see what actual cryptographers are saying about this technology? You can find writings by for example Radia Perlman, Ron Rivest, [inaudible 00:18:17] and some of them all saying, "Oh, there's nothing here." There's a terrific source for this, which is accessible to non-experts. There's an Australian who lives in London called Rosenthal Gerard, who's written a book called Attack of the 50 Foot Blockchain. Which everyone should read because, A, it's historically funny and B, it's full of actual facts about this. Because Rosenthal Gerard's day job is as a Sys Admin, and Sys Admin have a sensibly skeptical view of new technology.

I mean, I've been writing for this for more than five years. If you look at blog.tshr.org, and you look for the Bitcoin tag. You'll find a long history of skeptical writing about this. The thing about both my blog and Rosenthal Gerard is that we actually link to the actual sources for people writing about this. There's some very good academic groups. There's [inaudible 00:19:27] at Princeton I think. The group at Cornell that blogs under Hacking Distributed and Nicholas Weaver UC Berkeley. They're all good sources for this.

Bayne: Well, cool. Is there anything else you'd like to add that we haven't touch?

Rosenthal: There was a public enemy a long time ago. It was one of the very first rap songs, was called Don't Believe the Hype. That's what you need to do here.

Bayne: That's great. Well, Rosenthal, thank you so much for your time. I appreciate it.

Rosenthal: Okay, this was fun.

Bayne: Dr. Rosenthal S. H. Rosenthal has recently retired after nearly two decades of chief scientist of the LOCKSS program at the Stanford University of Libraries. I'm Bayne for EDUCAUSE, thanks for listening.